Hi, RFC5201 and RFC5202 mentions the use of SHA1 and RFC 5202 in section 3.3.5. Supported Transforms mentions "All HIP implementations MUST support AES-CBC [RFC3602] and HMAC-SHA-1-96 [RFC2404]." Can you confirm that all SHA1 of RFC5201 and RFC5202 MUST be understood as SHA1-96, or is that the way you implemented it in HIPL? -- I am just upset since I had in mind that SHA1 is by default SHA1-160. As such, default parameters for HIPL seems to me : DH | 1536-bit MODP Group | ESP_ENCR | AES-CBC with HMAC-SHA1 | | 3DES-CBC with HMAC-SHA1 | | NULL with HMAC-SHA1 | ID | RSA | How can you configure I1 with HIP_TRANSFORM or ESP_TRANSFORM? ESP_ENCR ENCR_NULL ESP_AUTH HMAC_SHA1_96 Regards, Daniel Regards, Daniel -- Daniel Migault Orange Labs / Security Lab +33 (0) 1 45 29 60 52 +33 (0) 6 70 72 69 58